Any book that numbers its chapters in hexadecimal can’t be that bad.
Actually the book is quite good. It should prove invaluable to any except those already well versed in the art of exploitation. It can be especially useful to also any C/C++ programmer that wants to avoid problems or at least make it harder for someone to attack their application.
Erickson presents a variety of methods of attack. Some are common such as buffer overflows. Others are less common or have fallen out of vogue for various reasons but the book does more than just cover the basic what and how. While it is definitely not a tome for script kiddies, it is a more thoughtful presentation of the mechanics that are often overlooked in most programming texts. Programmers and security professionals should get a good bit from this book.
Having a background in C/C++ is pretty much a requirement and any exposure to assembler will help. The examples center on the x86 architecture, but most of the open source tools will work on a range of Linux platforms. These include things like a hex editor, dissassembler, and network manipulation and sniffing tools.
The chapter on buffer overflows is probably the most useful and interesting. The sections on networking and shellcode may be the most useful to non-programmers. The Countermeasures chapter varies depending upon the topic but overall it is very good. The cryptography chapter is just right for someone getting started with encryption but this is a complex topic that has a number of books written about the subject already.
This book will take any programmer well beyond the usual programming techniques covered in conventional programming books. It should be viewed as a good introductory text making it a good prerequisite for most programmers in training.
Reprints
